Diffstat (limited to 'install/tools/ipa-drm-install')
-rw-r--r--install/tools/ipa-drm-install65
1 files changed, 48 insertions, 17 deletions
diff --git a/install/tools/ipa-drm-install b/install/tools/ipa-drm-install
index 2a2b2a727..b4b308d60 100644
--- a/install/tools/ipa-drm-install
+++ b/install/tools/ipa-drm-install
@@ -24,17 +24,21 @@ import sys
from ConfigParser import SafeConfigParser, NoOptionError
from ipalib import api
-from ipaserver.install import drminstance
-from ipaserver.install import dsinstance
-from ipaserver.install import installutils
from ipapython import version
-from ipaserver.install.installutils import read_password
from ipapython import certmonger
-from ipapython.ipa_log_manager import *
from ipapython import dogtag
-from ipapython.config import IPAOptionParser
+from ipapython import ipautil
from ipapython import services as ipaservices
-
+from ipapython.config import IPAOptionParser
+from ipapython.ipa_log_manager import *
+from ipaserver.install import dogtaginstance
+from ipaserver.install import drminstance
+from ipaserver.install import dsinstance
+from ipaserver.install import installutils
+from ipaserver.install import service
+from ipaserver.install.installutils import (
+ read_password, read_replica_info_drm_enabled,
+ create_replica_config)
log_file_name = "/var/log/ipa-drm-install.log"
@@ -62,12 +66,15 @@ def uninstall(realm_name):
def parse_options():
- usage = "%prog [options]"
+ usage = "%prog [options] [replica_file]"
parser = IPAOptionParser(usage=usage, version=version.VERSION)
parser.add_option("-d", "--debug", dest="debug", action="store_true",
default=False, help="gather extra debugging information")
parser.add_option("-p", "--password", dest="password", sensitive=True,
help="Directory Manager (existing master) password")
+ parser.add_option("--no-host-dns", dest="no_host_dns", action="store_true",
+ default=False,
+ help="Do not use DNS for hostname lookup during installation")
parser.add_option("-U", "--unattended", dest="unattended",
action="store_true", default=False,
help="unattended installation never prompts the user")
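Review bot: The new `--no-host-dns` flag is never read directly in this file; it can only take effect through the `options` object passed to `create_replica_config` in the replica branch of `main()`, so on a first DRM install it appears to be accepted and ignored. Because it presumably relaxes hostname verification, the help text should say where it applies, for example `help="Do not use DNS for hostname lookup during replica installation"`. The usage string should likewise say that `replica_file` is only needed when a replica is being set up. `parse_options` starts and ends outside this hunk.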
@@ -79,12 +86,13 @@ def parse_options():
options, args = parser.parse_args()
safe_options = parser.get_safe_opts(options)
- return safe_options, options
+ fname = args[0] if len(args) > 0 else None
+ return safe_options, options, fname
def main():
log_file = "/var/log/ipa-drm-install.log"
- safe_options, options = parse_options()
+ safe_options, options, replica_file = parse_options()
if os.geteuid() != 0:
sys.exit("\nYou must be root to run this script.\n")
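Review bot: `fname = args[0] if len(args) > 0 else None` keeps the first positional argument and silently discards any others, so a mistyped command line is accepted without complaint. Reject the surplus before returning, `if len(args) > 1: parser.error("too many arguments")`. The selection itself reads more simply as `fname = args[0] if args else None`. Both `parse_options` and `main` extend beyond this hunk.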
@@ -103,7 +111,7 @@ def main():
" in unattended mode")
dm_password = options.password or \
- read_password("Directory Manager", confirm=False)
+ read_password("Directory Manager", confirm=False)
if dm_password is None:
sys.exit("Directory Manager password required")
@@ -142,8 +150,10 @@ def main():
if enable_drm is not None and enable_drm == 'True':
sys.exit("DRM is already installed.")
- if enable_ra is not None and enable_ra == "True" and \
- ra_plugin is not None and ra_plugin == "dogtag":
+ ca_installed = enable_ra is not None and enable_ra == "True" and \
+ ra_plugin is not None and ra_plugin == "dogtag"
+
+ if ca_installed:
if dogtag_version is not None and dogtag_version >= 10:
# correct dogtag version of CA installed
pass
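Review bot: The `is not None` guards in the new `ca_installed` expression are redundant, because `None == "True"` is already false. `ca_installed = enable_ra == "True" and ra_plugin == "dogtag"` states the same condition on one line and drops the backslash continuation. The unchanged `enable_drm` test just above has the same pattern. `main()` starts and ends outside this hunk.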
@@ -152,6 +162,13 @@ def main():
else:
sys.exit("Dogtag CA is not installed. Please install the CA first")
+ installing_replica = dogtaginstance.is_installing_replica("KRA")
+ if installing_replica:
+ if replica_file is None:
+ sys.exit("A replica file is required.")
+ if not ipautil.file_exists(replica_file):
+ sys.exit("Replica file %s does not exist" % replica_file)
+
# Initialize the ipalib api
cfg = dict(
in_server=True,
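Review bot: A `replica_file` given on the command line is ignored when `dogtaginstance.is_installing_replica("KRA")` returns false, so an administrator who meant to set up a replica gets the non-replica path with no message. Add the opposite check next to the new one: `elif replica_file is not None:` followed by `sys.exit("A replica file was given but this is not a replica installation")`. Note also that `ipautil.file_exists` is only an early sanity check; the file can still be unreadable or be replaced before `create_replica_config` opens it, so that call has to handle failure itself. `main()` starts and ends outside this hunk.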
@@ -164,11 +181,25 @@ def main():
print "This program will setup Dogtag DRM for the FreeIPA Server."
print ""
- drm = drminstance.DRMInstance(realm_name,
- dogtag_constants=dogtag.install_constants)
+ if not installing_replica:
+ drm = drminstance.DRMInstance(
+ realm_name,
+ dogtag_constants=dogtag.install_constants)
+
+ drm.configure_instance(host_name, domain_name, dm_password,
+ dm_password, subject_base=subject)
+ else:
+ replica_config = create_replica_config(dm_password, replica_file, options)
+
+ if not read_replica_info_drm_enabled(replica_config.dir):
+ sys.exit("Either DRM is not installed on the master system or "
+ "your replica file is out of date")
+
+ drm = drminstance.install_replica_drm(replica_config)
+ service.print_msg("Restarting the directory server")
- drm.configure_instance(host_name, domain_name, dm_password,
- dm_password, subject_base=subject)
+ ds = dsinstance.DsInstance()
+ ds.restart()
drm.enable_client_auth_to_db(drm.dogtag_constants.DRM_CS_CFG_PATH)
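Review bot: Nothing in the replica branch removes what `create_replica_config` leaves behind. If it unpacks the replica file into `replica_config.dir`, as the attribute name and the `read_replica_info_drm_enabled(replica_config.dir)` call suggest, that data stays on disk after a successful install and after the `sys.exit` for an out-of-date file. A replica file presumably carries certificate and key material, so wrap the branch in `try`/`finally` and delete the directory on every path; `sys.exit` raises `SystemExit`, so the `finally` still runs. Confirm against `create_replica_config` whether the directory to remove is `replica_config.dir` or a parent of it, and import `shutil` if the file does not already. `main()` begins outside this hunk.

```python
    replica_config = create_replica_config(dm_password, replica_file, options)
    try:
        # … unchanged, one level deeper: read_replica_info_drm_enabled check and install_replica_drm call …
    finally:
        # The unpacked replica data must not outlive the run, whether the
        # install succeeds, fails, or stops at the sys.exit above.
        shutil.rmtree(replica_config.dir, ignore_errors=True)
```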